lately pop up windows appear when I visit any site . For example as I was visiting "Experts-exchange" and writing this question a pop up window appeared and in the address bar I think was written:www.win-antivrus.com

Another pop up window has I think the www.adultfinder.com address, it usually appear when I visit adult sites.

At other times at the address bar of the pop up window would appear the spy site address and the name of the site I am visiting at that moment such as www.yahoo.com

In addition, at each computer session "Zone- alarm Pro" would display a warning that it blocked a contact with a spy site such as www.imagesrvr.com

1. Since your have HijackThis, Spy Blaster, Spybot S&D, and Adaware, did you check if you have mailware?

2. The popups are likely coming from the websites. If the Internet Explorer popup blocker is not stopping the popups, Popup Stopper will block the popups. There is a free version in the lower left of this webpage

Download and run HijackThis from http://www.hijackthis.de/
Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.

Please rename Hijackthis.exe to "analyse.exe or "HJT.exe".
After you renamed it, run a scan with the renamed hijackthis and post a new link to the log so we can see the result.
The nasties in your pc is hiding from hijackthis.exe process that's why you need to rename hijackthis to something else before running a scan.

Once you renamed hijackthis, the nasties won't be able to hide from the scan.

Eaglek1,
I'm 99% sure(could be wrong of course, lol) that vundo trojan is what's hiding from hijackthis.exe but we can't see it until you renamed hijackthis.exe to something else.

Eventhough Vundo can hide from hijackthis.exe, it can not hide from VundoFix.exe so your other option is to follow my hunch and use vundofix.exe

Please download VundoFix.exe to your desktop.http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
Put a check next to "Run VundoFix as a task".
You will receive a message saying vundofix will close and re-open in a minute or less.
Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.

You can usually right-click the exe and select rename. Windows 98 will get infected more than anything, I'd stear clear of it, everyone is an administrator on 98. FireFox or Opera are great browsers to use.
-rich

Select "Download and deploy SP2 to multiple computers", and then you get to the download site. After installing SP2 make sure you run all windowsupdates after that.

I'd use firefox, it is the best browser around by lengths... Don't use an old netscape browser, it wouldn't be able to show many newer sites properly.

If you want to delete those files above you should try that in safe mode, but I wouldn't delete them but rather rename them in case they are needed. The hijack log doesn't ring any alarm bells except that everything is out of date, and that in itself is alarms enough...

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
*Under "Script file to execute" choose "Input Script Manually".
*Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
*Paste the text copied to clipboard into this window by pressing (Ctrl+V).
*Click Done
*Now click on the Green Light to begin execution of the script
*Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:
*It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
*On reboot, it will briefly open a black command window on your desktop, this is normal.
*After the restart, it creates a log file that should open with the results of Avenger’s actions. This logfile will be located at C:\avenger.txt
*The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Oh my stars!!!!!!!!
No wonder Avenger failed to delete the file, I messed up, sorry about that, I just copied it from your post and it is lacking the backward slash "\" after the C:

Please run Avenger again and this time do this:(the registry entry is already deleted so only the file left.
2. Copy ALL the text contained between the lines below to your Clipboard by highlighting it and pressing (Ctrl+C):

After runing "Avenger" at restart of the computer there was no the usual automatic appearance of the "Avenger" "NotePad" log file instead a "Notepad" dialouge box appeared and it gave me three choices "Yes" "No" and "Cancel". I choose "Yes" but the "NotePad" it produced was blank.

Then I ran "HijackThis". Here is the result of "HijackThis" after fixing the entries:

Not sure why Avenger didn't produce a log file.
You can check in the C:\Avenger.txt if it creates a log file.

Vundo is no longer showing in your hijackthis log so that is good.
You can check and make sure that this file -->C:\Windows\system32\mlljh.dll
is no longer in your system.

this 017 entry below you can fix if it doesn't belong to your domain/ISP, but I don't see it as a threat, not listed in the IP blacklist. The IP is located somewhere in Kuwait, belongs to Qualitynet.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC7C917B-39BE-48CF-A583-ED4842ADB571}: NameServer = 213.189.89.2 213.189.89.4

In "Local Disk C" in the "Avenger" folder there is Zipped folder with today date and the time I ran the avenger. If I click on it another "Avenger" folder appear, if I click on it there are two icons one for a text file titled "Avenger" the other not a text file titled "backup"

Here is the content of the text file:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qxclcgkn

You can just delete those avengers folders and start again if you like. Avenger does not delete or overwrites backup, it just renames the first one.

>>Could not open file C:Windows\system32\mlljh.dll for deletion
Deletion of file C:Windows\system32\mlljh.dll failed!<<

this was the result of the first one right?
failed to delete because of the typo, not having the backward slash "\" after the C:
Avenger couldn't perform the request because of the wrong path. Do you see what I mean?

I then asked you to run Avenger again using the correct path as in below:(with the "\" included)
-----------------------------------
Files to delete:
C:\Windows\system32\mlljh.dll

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…

When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.